IP addresses for Domain scanning
Aikido uses dedicated IP addresses to perform scanning of your domains (DAST). To prevent connectivity issues, rate limiting, or security blocks, add these IPs to your firewall’s allowlist or other security software. After this, rescan your domains to confirm connectivity.
To use 'Fetch OpenAPI by URL', you must also add the Code & Container scanning IP addresses.
EU-based IP addresses:
US-based IP addresses:
Optional IP addresses (used for troubleshooting with support):
79.127.239.171
Third party provider instructions
For instructions on adding IP addresses to allowlists with third-party providers, refer to the following resources:
For Cloudflare Turnstile, the IPs also need to be added to the Cloudflare IP Access List. Aikido IPs must be in both lists for the scan to work.
For WAFs behind Application Load Balancers or CloudFront, your WAF should check the last IP address in the X-Forwarded-For header.
Use the "bypass" action for trusted IPs
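The last-entry check described above, as an added Python example (not Aikido's or any WAF vendor's code): the proxy in front of the application appends the connecting address to the end of X-Forwarded-For, so earlier entries are whatever the sender supplied and must not drive a bypass decision. The allowlist values are constructed placeholders from the RFC 5737 documentation range, and the function names are hypothetical.

```python
import ipaddress

# Constructed placeholder allowlist (RFC 5737 documentation addresses).
# Substitute the scanner IPs you actually allowlist.
SCANNER_ALLOWLIST = frozenset(
    ipaddress.ip_address(a) for a in ("203.0.113.10", "203.0.113.11")
)


def last_forwarded_ip(xff_header):
    """Return the right-most address in X-Forwarded-For, or None if unusable."""
    if not xff_header:
        return None
    last = xff_header.split(",")[-1].strip()
    try:
        return ipaddress.ip_address(last)
    except ValueError:
        # Malformed final entry: treat as untrusted rather than falling
        # back to an earlier, sender-controlled entry.
        return None


def is_trusted_scanner(xff_header, allowlist=SCANNER_ALLOWLIST):
    """Bypass decision: only the last XFF entry is compared to the allowlist."""
    ip = last_forwarded_ip(xff_header)
    return ip is not None and ip in allowlist


if __name__ == "__main__":
    # Constructed sample header values.
    samples = [
        "203.0.113.10",                # scanner connects directly to the proxy
        "198.51.100.7, 203.0.113.10",  # scanner address appended last
        "203.0.113.10, 198.51.100.7",  # allowlisted address first, other source last
        "203.0.113.10, not-an-ip",     # malformed final entry
        "",                            # header missing
    ]
    for value in samples:
        print(f"{value!r:35} bypass={is_trusted_scanner(value)}")
```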